Service management method and apparatus thereof

ABSTRACT

A service management method and an apparatus thereof are disclosed. The method includes: obtaining, by user equipment, a communication address of a gateway user plane, and establishing a communication link to the gateway user plane by using the communication address; sending a session connection create request message to the gateway user plane by using the communication link; receiving, by using the communication link, a session connection create response message sent by the gateway user plane; and when the authentication result is that the authentication succeeds, performing service management based on service policy information that is sent by the gateway user plane by using the communication link. According to the embodiments of the present disclosure, a participation level of the user equipment can be increased, and a service management capability of the user equipment can be improved.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No.PCT/CN2018/076985, filed on Feb. 23, 2018, which claims priority toChinese Patent Application No. 201710113550.8, filed on Feb. 28, 2017,The disclosures of the aforementioned applications are herebyincorporated by reference in their entireties.

TECHNICAL FIELD

The present disclosure relates to the field of communicationstechnologies, and in particular, to a service management method and anapparatus thereof.

BACKGROUND

As a service awareness capability based on deep packet inspection (DPI)on a mobile broadband network poses an increasing quantity of controland charging requirements on services, a packet core network device suchas a gateway general packet radio service (GPRS) support node (GatewayGPRS Support Node, GGSN), packet data network gateway (PGW), or trafficdetection function (TDF) needs to perceive, charge, and control serviceflows by using a DPI function, a content charging function, and aservice control function of the packet core network device, and alsosupports a function of selecting a service flow path and a bearer.

The PGW is a functional entity in an evolved packet core (EPC) network,a user plane anchor between a 3rd Generation Partnership Project (3GPP)access network and a non-3GPP access network, and an interface on whichan EPC core network packet switched domain is connected to an externalpacket data network (PDN), and is configured to: detect a service dataflow and enforce a charging and control policy. In a 4^(th)-generationmobile communications (4^(th)-Generation, 4G) network and a3^(rd)-generation mobile communications (3^(rd)-Generation, 3G) network,the PGW may serve as a policy and charging enforcement function (PCEF),and is connected to a policy and charging rules function (PCRF) througha Gx interface.

The GGSN may serve as a PCEF in a 2^(nd)-generation mobilecommunications (2^(nd)-Generation, 2G) network.

In a 2G/3G/4G network architecture, a PCEF supports a basic policy andcharging control (PCC) function, and implements policy and chargingcontrol by using a policy delivered by the PCRF. The PCEF supports apolicy delivered by the PCRF or an authentication, authorization andaccounting (AAA) server or a locally configured policy, and isresponsible for service flow data detection, policy enforcement, andflow-based charging processing.

FIG. 1a is a schematic diagram of deployment of gateway devices in a2G/3G/4G network architecture. Service management is completed on thePGW/GGSN, such as awareness of all services, policy matching, andcharging and control policy enforcement. During an entire networkfunction division process, user equipment (UE) supports only relatedinformation delivered by a control plane device of a core network byusing a signaling message, such as a traffic flow template (TFT), abearer level identifier, and quality of service (QoS), to select abearer of an uplink service flow and implement a QoS policy.

FIG. 1b is a schematic diagram of deployment of gateway devices in anetwork structure with a user plane separated from a control plane (forexample, a 5^(th)-generation mobile communication (5^(th)-Generation,5G) network architecture). A centralized gateway is deployed in abackbone network, and functions of control planes of a serving gateway(SGW) and a PGW are included, such as switching a mobile signaling planeanchor between base stations, charging for inter-operator roaming,processing access signaling, processing dedicated bearer createsignaling, allocating an address pool, and controlling user accessauthentication. A distributed gateway is deployed in a metropolitan corenetwork, and functions of user planes of an SGW and a PGW are included,such as switching mobile data description between base stations,forwarding user data, collecting user charging information, enforcing acharging and control policy, and processing service DPI. The centralizedgateway and the distributed gateway jointly complete the functions ofthe serving gateway (SGW)/PGW. Even though the 5G network architectureimplements separation between a user plane and a control plane, UE stillneither participates in service awareness, policy matching, and chargingand control policy enforcement, and nor participates in a dynamic sliceselection policy in a network slicing scenario.

As new applications and service scenarios evolve, types of UE, asupportable service scenario, a server-side encrypted transmissioncapability, and the like all develop by leaps and bounds. In a currentnetwork architecture, it is more difficult to complete servicemanagement on a core network gateway device.

SUMMARY

Embodiments of the present disclosure provide a service managementmethod and an apparatus thereof, so that user equipment performs servicemanagement, a participation level of the user equipment can beincreased, and a service management capability of the user equipment canbe improved.

A first aspect of the embodiments of the present disclosure provides aservice management method, including:

-   -   obtaining, by user equipment, a communication address of a        gateway user plane, and establishing a communication link to the        gateway user plane by using the communication address;    -   sending, by the user equipment, a session connection create        request message to the gateway user plane by using the        communication link, where the session connection create request        message includes authentication information of a gateway        terminal module of the user equipment, and the authentication        information of the gateway terminal module of the user equipment        is used by the gateway user plane to trigger a gateway control        plane to request an authentication server to perform        authentication on the gateway terminal module of the user        equipment;    -   receiving, by the user equipment by using the communication        link, a session connection create response message sent by the        gateway user plane, where the session connection create response        message includes an authentication result; and if the        authentication result is that the authentication succeeds,        performing, by the user equipment, service management based on        service policy information that is sent by the gateway user        plane by using the communication link.

According to the first aspect of the embodiments of the presentdisclosure, the user equipment establishes the communication link to thegateway user plane by using the communication address of the gatewayuser plane, so that the user equipment performs, when the authenticationsucceeds, service management based on the service policy informationsent by the gateway user plane, and therefore the user equipmentperforms service management, a participation level of the user equipmentcan be increased, and a service management capability of the userequipment can be improved.

In a possible implementation, the authentication information of thegateway terminal module of the user equipment includes information suchas an identifier of the gateway terminal module of the user equipmentand keyword information, and is used by the authentication server toperform authentication on the gateway terminal module of the userequipment.

In a possible implementation, the service policy information includes atleast one current network slice connection policy, the at least onecurrent network slice connection policy is at least one original networkslice connection policy or at least one updated network slice connectionpolicy, and a network slice connection policy is used to indicate asession connection relationship between an application identifier and anetwork slice; and the process of performing, by the user equipment,service management based on service policy information that is sent bythe gateway user plane by using the communication link is as follows:

-   -   obtaining, by the user equipment, an application identifier of a        current application;    -   searching, by the user equipment for a network slice        corresponding to the application identifier of the current        application, the at least one current network slice connection        policy that is sent by the gateway user plane by using the        communication link; and establishing, by the user equipment, a        session connection and performing service access based on the        found network slice.

In the possible implementation, the user equipment may independentlyselect the network slice to perform the session connection and theservice access, thereby reducing processing pressure of a core networkdevice, and improving a processing capability of the user equipment.

In a possible implementation, the at least one current network sliceconnection policy is the at least one updated network slice connectionpolicy; and before the performing service management based on servicepolicy information that is sent by the gateway user plane by using thecommunication link, the user equipment sends a session connection updateresponse message to the gateway user plane by using the communicationlink, where the session connection update response message is used toindicate that the user equipment has updated the at least one originalnetwork slice connection policy, so that the gateway user plane learnsan update status of the user equipment.

In a possible implementation, the service policy information includes atleast one service charging and control policy, and a service chargingand control policy is used to indicate a correspondence between anapplication identifier and a charging and control policy; and theprocess of performing, by the user equipment, service management basedon service policy information that is sent by the gateway user plane byusing the communication link is as follows:

-   -   obtaining, by the user equipment, an application identifier of a        current application that accesses a data service;    -   searching, by the user equipment for a charging and control        policy corresponding to the application identifier of the        current application, the at least one service charging and        control policy that is sent by the gateway user plane by using        the communication link; and collecting, by the user equipment,        statistics about data traffic and performing access control        based on the found charging and control policy.

In the possible implementation, the user equipment collects thestatistics about the data traffic of the current application andperforms access control, thereby increasing a participation level of theuser equipment and improving a processing capability of the userequipment.

In a possible implementation, after the performing service managementbased on service policy information that is sent by the gateway userplane by using the communication link, the user equipment periodicallysends a usage report request message to the gateway user plane by usingthe communication link, where the usage report request message includesfeature attribute information of the user equipment and statistics abouttraffic usage for an application, the usage report request message isused to inform the gateway user plane of usage, and is used to requestthe gateway user plane to generate an online or offline call detailrecord and feed back a usage report confirmation message, and the usagereport confirmation message is used to indicate that the gateway userplane has confirmed the statistics about traffic usage for anapplication.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane based on an attachresponse message sent by an access network gateway, where the attachresponse message includes the communication address of the gateway userplane. The communication address is obtained based on the attachresponse message without specially sending a request, and implementationis simple and convenient.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane based onpreconfiguration information of the user equipment, where thepreconfiguration information may be configured by an operator when theuser equipment is customized, and obtaining the communication addressbased on the preconfiguration information does not change an existingactivation procedure.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane in a configurationmanner selected by a user. In other words, obtaining the communicationaddress by the user equipment through manual configuration does notchange an existing activation procedure.

In a possible implementation, before the establishing a communicationlink to the gateway user plane by using the communication address, theuser equipment detects whether the gateway terminal module of the userequipment, a right of the user equipment, and a network operatingenvironment meet a preset condition; and if a detection result is yes,establishes the communication link to the gateway user plane by usingthe communication address. Whether the user equipment can establish thecommunication link is determined based on the preset condition, toensure security of the communication link.

In a possible implementation, the session connection create requestmessage further includes the feature attribute information of the userequipment, the feature attribute information of the user equipmentincludes a mobile station integrated services digital network number(MSISDN) and an international mobile subscriber identity IMSI, and theMSISDN and the IMSI are used to identify the user equipment.

In a possible implementation, the connection session create responsemessage further includes the feature attribute information of the userequipment, so as to associate the user equipment with the authenticationresult.

In a possible implementation, the authentication information of thegateway terminal module of the user plane device, the authenticationresult, the service policy information, the feature attributeinformation of the user equipment, and the statistics about trafficusage for an application are transmitted in an encrypted manner on thecommunication link, thereby preventing the transmitted content frombeing tampered with, and ensuring transmission security.

A second aspect of the embodiments of the present disclosure provides aservice management method, including:

-   -   receiving, by a gateway user plane by using a communication        link, a session connection create request message sent by user        equipment, where the session connection create request message        includes authentication information of a gateway terminal module        of the user equipment, and the communication link is a link        established by the user equipment to the gateway user plane by        using an obtained communication address of the gateway user        plane;    -   sending, by the gateway user plane, an authentication request        message to a gateway control plane, where the authentication        request message includes the authentication information of the        gateway terminal module of the user equipment, and the        authentication request message is used to trigger the gateway        control plane to request an authentication server to perform        authentication on the gateway terminal module of the user        equipment;    -   receiving, by the gateway user plane, an authentication response        message sent by the gateway control plane, and sending a session        connection create response message to the user equipment by        using the communication link, where the authentication response        message and the session connection create response message        include an authentication result; and    -   if the authentication result is that the authentication        succeeds, receiving, by the gateway user plane, service policy        information sent by the gateway control plane, and sending the        service policy information to the user equipment by using the        communication link, where the service policy information is used        by the user equipment to perform service management based on the        service policy information.

According to the second aspect of the embodiments of the presentdisclosure, when the user equipment is authenticated, the service policyinformation is sent to the user equipment by using the communicationlink that is established to the user equipment, and the user equipmentperforms service management based on the service policy information, sothat service management pressure of a core network device can bereduced, and a service management capability of the user equipment canbe improved.

In a possible implementation, the service policy information includes atleast one current network slice connection policy, the at least onecurrent network slice connection policy is at least one original networkslice connection policy or at least one updated network slice connectionpolicy, and a network slice connection policy is used to indicate asession connection relationship between an application identifier and anetwork slice, so that the user equipment independently selects anetwork slice to perform a session connection and service access,thereby reducing processing pressure of a core network device, andimproving a processing capability of the user equipment.

In a possible implementation, when the at least one current networkslice connection policy is the at least one updated network sliceconnection policy, the gateway user plane receives, by using thecommunication link, a session connection update response message sent bythe user equipment, where the session connection update response messageis used to indicate that the user equipment has updated the at least oneoriginal network slice connection policy, to learn an update status ofthe user equipment.

In a possible implementation, the service policy information includes atleast one service charging and control policy, a service charging andcontrol policy is used to indicate a correspondence between anapplication identifier and a charging and control policy, so that theuser equipment collects statistics about and performs access control ondata traffic of a current application, thereby increasing aparticipation level of the user equipment and improving a processingcapability of the user equipment.

In a possible implementation, the gateway user plane receives, by usingthe communication link, a usage report request message periodically sentby the user equipment, where the usage report request message includesfeature attribute information of the user equipment and statistics abouttraffic usage for an application; and generates an online or offlinecall detail record based on the usage report request message and feedsback a usage report confirmation message to the user equipment by usingthe communication link, where the usage report confirmation message isused to indicate that the gateway user plane has confirmed thestatistics about traffic usage for an application.

In a possible implementation, the session connection create requestmessage further includes the feature attribute information of the userequipment, the feature attribute information of the user equipmentincludes an MSISDN and an IMSI, and the MSISDN and the IMSI are used toidentify the user equipment.

In a possible implementation, the authentication response message andthe connection session create response message further include thefeature attribute information of the user equipment, to associate theuser equipment with the authentication result.

In a possible implementation, the authentication information of thegateway terminal module of the user plane device, the authenticationresult, the service policy information, the feature attributeinformation of the user equipment, and the statistics about trafficusage for an application are transmitted in an encrypted manner on thecommunication link, thereby preventing the transmitted content frombeing tampered with, and ensuring transmission security.

A third aspect of the embodiments of the present disclosure providesuser equipment, including:

-   -   an obtaining unit, configured to obtain a communication address        of a gateway user plane;    -   an establishment unit, configured to establish a communication        link to the gateway user plane by using the communication        address;    -   a sending unit, configured to send a session connection create        request message to the gateway user plane by using the        communication link, where the session connection create request        message includes authentication information of a gateway        terminal module of the user equipment, and the authentication        information of the gateway terminal module of the user equipment        is used by the gateway user plane to trigger a gateway control        plane to request an authentication server to perform        authentication on the gateway terminal module of the user        equipment;    -   a receiving unit, configured to receive, by using the        communication link, a session connection create response message        sent by the gateway user plane, where the session connection        create response message includes an authentication result; and    -   a management unit, configured to: if the authentication result        is that the authentication succeeds, perform service management        based on service policy information that is sent by the gateway        user plane by using the communication link.

The user equipment provided in the third aspect of the embodiments ofthe present disclosure is configured to implement the functions executedby the user equipment in the service management method provided in thefirst aspect of the embodiments of the present disclosure.

A fourth aspect of the embodiments of the present disclosure provides agateway user plane, including:

-   -   a receiving unit, configured to receive, by using a        communication link, a session connection create request message        sent by user equipment, where the session connection create        request message includes authentication information of a gateway        terminal module of the user equipment, and the communication        link is a link established by the user equipment to the gateway        user plane by using an obtained communication address of the        gateway user plane; and    -   a sending unit, configured to send an authentication request        message to a gateway control plane, where the authentication        request message includes the authentication information of the        gateway terminal module of the user equipment, and the        authentication request message is used to trigger the gateway        control plane to request an authentication server to perform        authentication on the gateway terminal module of the user        equipment, where    -   the receiving unit is further configured to receive an        authentication response message sent by the gateway control        plane;    -   the sending unit is further configured to send a session        connection create response message to the user equipment by        using the communication link, where the authentication response        message and the session connection create response message        include an authentication result;    -   the receiving unit is further configured to: if the        authentication result is that the authentication succeeds,        receive service policy information sent by the gateway control        plane; and    -   the sending unit is further configured to send the service        policy information to the user equipment by using the        communication link, where the service policy information is used        by the user equipment to perform service management based on the        service policy information.

The gateway user plane provided in the fourth aspect of the embodimentsof the present disclosure is configured to implement the functionsexecuted by the gateway user plane in the service management methodprovided in the second aspect of the embodiments of the presentdisclosure.

A fifth aspect of the embodiments of the present disclosure providesanother user equipment, including a processor and a transceiver, where

-   -   the processor is configured to: obtain a communication address        of a gateway user plane, and establish a communication link to        the gateway user plane by using the communication address;    -   the transceiver is configured to send a session connection        create request message to the gateway user plane by using the        communication link, where the session connection create request        message includes authentication information of a gateway        terminal module of the user equipment, and the authentication        information of the gateway terminal module of the user equipment        is used by the gateway user plane to trigger a gateway control        plane to request an authentication server to perform        authentication on the gateway terminal module of the user        equipment;    -   the transceiver is further configured to receive, by using the        communication link, a session connection create response message        sent by the gateway user plane, where the session connection        create response message includes an authentication result; and    -   if the authentication result is that the authentication        succeeds, the processor is further configured to perform service        management based on service policy information that is sent by        the gateway user plane by using the communication link.

The user equipment provided in the fifth aspect of the embodiments ofthe present disclosure is configured to implement the functions executedby the user equipment in the service management method provided in thefirst aspect of the embodiments of the present disclosure.

A sixth aspect of the embodiments of the present disclosure providesanother gateway user plane, including a processor and a transceiver,where

-   -   the transceiver is configured to receive, by using a        communication link, a session connection create request message        sent by user equipment, where the session connection create        request message includes authentication information of a gateway        terminal module of the user equipment, and the communication        link is a link established by the user equipment to the gateway        user plane by using an obtained communication address of the        gateway user plane;    -   the transceiver is further configured to send an authentication        request message to a gateway control plane, where the        authentication request message includes the authentication        information of the gateway terminal module of the user        equipment, and the authentication request message is used to        trigger the gateway control plane to request an authentication        server to perform authentication on the gateway terminal module        of the user equipment;    -   the transceiver is further configured to: receive an        authentication response message sent by the gateway control        plane, and send a session connection create response message to        the user equipment by using the communication link, where the        authentication response message and the session connection        create response message include an authentication result; and    -   if the authentication result is that the authentication        succeeds, the transceiver is further configured to: receive        service policy information sent by the gateway control plane,        and send the service policy information to the user equipment by        using the communication link, where the service policy        information is used by the user equipment to perform service        management based on the service policy information.

The gateway user plane provided in the sixth aspect of the embodimentsof the present disclosure is configured to implement the functionsexecuted by the gateway user plane in the service management methodprovided in the second aspect of the embodiments of the presentdisclosure.

In the embodiments of the present disclosure, the user equipment obtainsthe communication address of the gateway user plane, establishes thecommunication link to the gateway user plane, and sends, to the gatewayuser plane by using the communication link, the session connectioncreate request message that carries the authentication information ofthe gateway terminal module of the user equipment. When receiving thesession connection create request message, the gateway user plane sendsthe authentication request message to the gateway control plane, and theauthentication request message is used to trigger the gateway controlplane to request the authentication server to perform authentication onthe gateway terminal module of the user equipment. The authenticationserver performs authentication on the gateway terminal module of theuser equipment, and feeds back the authentication result to the gatewaycontrol plane. When receiving the authentication result, the gatewaycontrol plane adds the authentication result to the authenticationresponse message and sends the authentication response message to thegateway user plane, and the gateway user plane adds the authenticationresult to the session connection create response message and sends thesession connection create response message to the user equipment. If theauthentication result is that the authentication succeeds, the gatewaycontrol plane sends the service policy information to the gateway userplane, the gateway user plane sends the service policy information tothe user equipment, and the user equipment performs service managementbased on the service policy information, so that the user equipmentperforms service management, a participation level of the user equipmentcan be increased, and a service management capability of the userequipment can be improved.

BRIEF DESCRIPTION OF DRAWINGS

To describe the technical solutions in the embodiments of the presentdisclosure or in the background more clearly, the following brieflydescribes the accompanying drawings required for describing theembodiments of the present disclosure or the background.

FIG. 1a is a schematic diagram of deployment of gateway devices in a2G/3G/4G network architecture;

FIG. 1b is a schematic diagram of deployment of gateway devices in anetwork structure with a user plane separated from a control plane;

FIG. 2 is a schematic structural diagram of a service management systemaccording to an embodiment of the present disclosure;

FIG. 3 is a schematic structural diagram of user equipment according toan embodiment of the present disclosure;

FIG. 4 is a schematic structural diagram of a gateway user planeaccording to an embodiment of the present disclosure;

FIG. 5A, FIG. 5B, and FIG. 5C are a schematic communication diagram of aservice management method according to Embodiment 1 of the presentdisclosure;

FIG. 6A, FIG. 6B, and FIG. 6C are a schematic communication diagram of aservice management method according to Embodiment 2 of the presentdisclosure;

FIG. 7 is a schematic communication diagram of a service managementmethod according to Embodiment 3 of the present disclosure;

FIG. 8A, FIG. 8B, and FIG. 8C are a schematic communication diagram of aservice management method according to Embodiment 4 of the presentdisclosure;

FIG. 9 is a schematic structural diagram of another user equipmentaccording to an embodiment of the present disclosure; and

FIG. 10 is a schematic structural diagram of another gateway user planeaccording to an embodiment of the present disclosure.

DESCRIPTION OF EMBODIMENTS

The following describes the embodiments of the present disclosure withreference to the accompanying drawings in the embodiments of the presentdisclosure.

FIG. 2 is a schematic structural diagram of a service management systemaccording to an embodiment of the present disclosure. The servicemanagement system includes user equipment (UE), a radio access network(RAN), a gateway control plane (GW-C), a gateway user plane (GW-U) 1, agateway user plane 2, the Internet, and an augmented reality (AR) server(an Enterprise shown in FIG. 2). It should be noted that forms andquantities of elements shown in FIG. 2 do not constitute a limitation onthis embodiment of the present disclosure.

The UE has a gateway terminal (GW-T) module, the module may implementfunctions between the UE and the GW-U by using a data communicationlink, such as authentication, policy interaction, and statisticsreporting, to assist a core network side in dynamically deploying andselecting a future network slice, collecting statistics aboutapplication data services and reporting the application data services,policy control, and the like.

The access network may be an access network in a 2G/3G/4G networkarchitecture, an access network in a network structure with a user planeseparated from a control plane, or an access network in a futurecommunications network architecture.

The gateway control plane is a gateway control plane functional entity,and the gateway user plane is a gateway user plane functional entity.The GW-C may be a serving gateway control plane (SGW-C) or a packet datanetwork gateway control plane (PGW-C), and may further integratefunctions of a control plane in a core network device. For example, theGW-C may include functions of control planes of an SGW and a PGW. A GW-Umay be a serving gateway user plane (SGW-U) or a packet data networkgateway user plane (PGW-U), and may further integrate functions of auser plane in the core network device. For example, the GW-U may includefunctions of user planes of an SGW and a PGW. The GW-C and the GW-U maybe deployed in an integrated manner or separately. Further, there may bedifferent GW-Us in different application scenarios. For example, theGW-U 1 shown in FIG. 2 is applied to a scenario in which the Internet isaccessed, and the GW-U 2 is applied to a scenario in which an AR serviceis accessed.

AR means adding content based on reality by using technologies, amongwhich core ones include real object identification, geographicallocation locating, instant calculation required in different scenarios,and the like. There are different AR servers for different types of ARservices.

Currently, the UE accesses the Internet by using dashed lines 1 and 2shown in FIG. 2, the dashed line 1 represents that the UE establishes apublic network service session, and the dashed line 2 represents thatthe GW-C instructs the GW-U 1 to establish an Sx bearer context. The UEaccesses an AR service by using dashed lines 6 and 7 shown in FIG. 2,the dashed line 6 represents that the UE establishes an AR servicesession, and the dashed line 7 represents that the GW-C instructs theGW-U 2 to establish an Sx bearer context. Sx represents a sessionconnection between the GW-C and the GW-U. It can be learned that the UEcurrently needs to access a service by using the GW-C and the GW-U.

In this embodiment of the present disclosure, the UE may establish adata communication link to the GW-U. Specifically, the GW-T module ofthe UE may establish a data communication link to the GW-U. Afterestablishing the data communication link, the UE directly performsservice access by using the GW-U. With reference to the schematicdiagram shown in FIG. 2, a solid line 4 represents that the UEcompletes, by using the data communication link, a process of performingauthentication on the GW-T module. A solid line 3 represents that the UEaccesses the Internet by using the GW-U 1. A solid line 5 representsthat the GW-U 1 delivers service policies to the UE by using the datacommunication link, and the service policies may include a network sliceconnection policy, a charging and control policy, and the like. A solidline 8 represents that the UE accesses an AR service by using the GW-U2.

Scenarios, shown in FIG. 2, of accessing the Internet and the AR serviceare merely used as an example. During actual application, FIG. 2 mayfurther include a server and a GW-U that correspond to a service, suchas the Internet of Things (IoT), remote medical treatment, orself-driving, so that the UE accesses the service such as the IoT,remote medical treatment, or self-driving. The AR, the IoT, the remotemedical treatment, and the self-driving respectively correspond todifferent service level agreements (SLA).

The user equipment in this embodiment of the present disclosure may bean access terminal, a subscriber unit, a subscriber station, a mobilestation, a mobile console, a remote station, a remote terminal, a mobiledevice, a user terminal, a terminal, a wireless communications device, auser agent, a user apparatus, or the like. The access terminal may be acellular phone, a cordless phone, a session initiation protocol (SIP)phone, a wireless local loop (WLL) station, a personal digital assistantPDA), a handheld device having a wireless communication function, acomputing device, another processing device connected to a wirelessmodem, a vehicle-mounted device, a wearable device, user equipment in afuture wireless communications network, or the like. It should be notedthat the user equipment in this embodiment of the present disclosure hasthe GW-T module. The module may be a chip or a hardware module designedin the user equipment, or a system application program (when the userequipment is unrooted, the application program cannot be deleted)installed in the user equipment. This is determined depending on aspecific case. In other words, the user equipment in this embodiment ofthe present disclosure may be customized user equipment provided by anoperator.

FIG. 3 is a schematic structural diagram of user equipment according toan embodiment of the present disclosure. User equipment 101 includes aprocessor 1011 and a transceiver 1012. During actual application, theuser equipment 101 may further include other parts such as a powersupply, a display module, a sensing module, and an audio module. Theprocessor 1011 may be a controller, a central processing unit (CPU), ageneral-purpose processor, a digital signal processor (DSP), anapplication-specific integrated circuit (ASIC), a field programmablegate array (FPGA) or another programmable logic device, a transistorlogic device, a hardware component, or any combination thereof. Theprocessor may implement or execute various example logical blocks,modules, and circuits that are described with reference to thisembodiment of the present disclosure. Alternatively, the processor 1011may be a combination of processors implementing a computing function,for example, a combination of one or more microprocessors, or acombination of the DSP and a microprocessor. The transceiver 1012 isconfigured to implement communication or data transmission between theuser equipment 101 and a network device such as a base station or asatellite, and is further configured to implement communication or datatransmission between the user equipment 101 and another user equipment.When the transceiver 1012 is applied to this embodiment of the presentdisclosure, the transceiver 1012 is configured to perform communicationor data transmission between the user equipment 101 and a gateway userplane. If a GW-T module is a chip or a hardware module designed in theuser equipment, the user equipment 101 shown in FIG. 3 further includesa GW-T module 1013, configured to implement functions between the userequipment 101 and the gateway user plane, such as authentication, policyinteraction, and statistics reporting, to assist a core network side indynamically deploying and selecting a future network slice, collectingstatistics about application data services and reporting the applicationdata services, policy control, and the like. The GW-T module 1013 may beintegrated in the processor 1011 or the transceiver 1012, or may be anindependently deployed module.

The gateway user plane in this embodiment of the present disclosureimplements a user plane function of a core network device such as an SGWand/or a PGW. FIG. 4 is a schematic structural diagram of a gateway userplane according to an embodiment of the present disclosure. A gatewayuser plane 102 includes a processor 1021 and a transceiver 1022. Theprocessor 1021 is configured to implement or execute various examplelogical blocks, modules, and circuits that are described with referenceto this embodiment of the present disclosure. The transceiver 1022 isconfigured to implement communication or data transmission between thegateway user plane 102 and each of a gateway control plane, userequipment, and another core network device. The gateway user plane 102includes a communication address (GW-U IP Address for GW-T) of a GW-Tmodule for the user equipment. During actual application, the gatewayuser plane includes a plurality of communication addresses, and the GW-UIP Address for GW-T is used to establish a data communication link tothe GW-T module of the user equipment, so that the gateway user plane102 delivers service policy information to the user equipment. Theschematic structural diagram of the gateway user plane shown in FIG. 4may also be a schematic structural diagram of a gateway control plane.

An authentication server, namely, an AAA server is further used in thisembodiment of the present disclosure, and is configured to performauthentication on the GW-T module of the user equipment.

A service management method provided in embodiments of the presentdisclosure is described below in detail with reference to FIG. 5A toFIG. 8C. It should be noted that description is provided in FIG. 5A toFIG. 8C from a perspective of interaction between user equipment and agateway user plane. Embodiment 1 shown in FIG. 5A, FIG. 5B, and FIG. 5Cgenerally describes the service management method, Embodiment 2 andEmbodiment 3 respectively shown in FIG. 6A, FIG. 6B, FIG. 6C, and FIG. 7describe a network slice connection of an AR service, and Embodiment 4shown in FIG. 8A, FIG. 8B, and FIG. 8C describes charging and control ofa data service.

FIG. 5A, FIG. 5B, and FIG. 5C are a schematic communication diagram of aservice management method according to Embodiment 1 of the presentdisclosure. The method includes, but is not limited to, the followingoperations.

Operation S101: User equipment obtains a communication address of agateway user plane.

Specifically, before obtaining the communication address of the gatewayuser plane, the user equipment initiates an activation request messageaccording to a procedure defined in the 3GPP standard document 23401. Anexample in which an SGW and a PGW exist in a network architecture isused, and a specific process of initiating the activation requestmessage is: The UE sends an attach request to a RAN. When receiving theAttach Request, the RAN sends the Attach Request to a mobilitymanagement entity (MME). When receiving the Attach Request, the MMEsends a create session request to an SGW-C. When receiving the CreateSession Request, the SGW-C sends the Create Session Request to a PGW-C.When receiving the Create Session Request, the PGW-C sends a createsession response to the SGW-C. When receiving the Create SessionResponse, the SGW-C sends the Create Session Response to the MME. Whenreceiving the Create Session Response, the MME sends an attach accept tothe RAN. When receiving the Attach Accept, the RAN sends the AttachAccept to the UE, to complete the activation. In the foregoing process,the SGW-C sends an Sx session establishment request to an SGW-U and theSGW-U sends an Sx session establishment response to the SGW-C, toestablish an Sx session connection between the SGW-C and the SGW-U.Likewise, an Sx session connection between the PGW-C and a PGW-U may beestablished. For a user plane/control plane separation networkarchitecture, an MME sends a Create Session Request to a GW-C, and whenreceiving the Create Session Request, the GW-C sends a Create SessionResponse to the MME. The GW-C may also establish an Sx sessionconnection to a GW-U.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane based on an attachresponse message sent by an access network gateway, where the attachresponse message includes the communication address of the gateway userplane. To be specific, the user equipment obtains the communicationaddress of the gateway user plane by using the Attach Accept sent by theRAN, specifically, obtains the GW-U IP Address for GW-T. An example inwhich an SGW and a PGW exist in a network architecture is used, and aCreate Session Response sent by a PGW-C to an SGW-C carries the GW-U IPAddress for GW-T, and the GW-U IP Address for GW-T may be indicated byadding an information element to the Create Session Response. A CreateSession Response sent by the SGW-C to an MME carries the GW-U IP Addressfor GW-T. An Attach Accept sent by the MME to a RAN carries the GW-U IPAddress for GW-T. An Attach Accept sent by the RAN to UE carries theGW-U IP Address for GW-T, so that the UE obtains the GW-U IP Address forGW-T by using the Attach Accept sent by the RAN.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane based onpreconfiguration information of the user equipment. The preconfigurationinformation includes the communication address of the gateway userplane, specifically, includes the GW-U IP Address for GW-T. Thepreconfiguration information may be configured by an operator when theuser equipment is customized, or may be configured by a manufacturer ofthe user equipment, or may be configured by a system of the userequipment. This is not limited herein.

In a possible implementation, the user equipment obtains thecommunication address of the gateway user plane in a configurationmanner selected by a user. The user equipment provides severalconfiguration manners for the user, and obtains the GW-U IP Address forGW-T in the configuration manner selected by the user, that is, obtainsthe GW-U IP Address for GW-T through manual configuration.

Operation S102: The user equipment establishes a communication link tothe gateway user plane.

Specifically, after obtaining the communication address of the gatewayuser plane, the user equipment may establish the communication link tothe gateway user plane. The communication link is a data communicationlink, and may be used by the gateway user plane to send service policyinformation to the user equipment, may be used by the user equipment tosend a usage report request message to the gateway user plane, and soon. To ensure transmission security, and to prevent the transmittedcontent from being tampered with, the communication link may encrypt thetransmitted content, or the communication link transmits encryptedcontent.

Before establishing the communication link, the user equipment detectswhether a gateway terminal module of the user equipment, a right of theuser equipment, and a network operating environment meet a presetcondition, and establishes the communication link when a detectionresult is yes. The preset condition includes that the UE has the GW-Tmodule, the UE is unrooted, an operation right is obtained, and thenetwork operating environment is secure. If there exists at least one ofthe cases in which the user equipment has no gateway terminal module,the user equipment is rooted, no operation right is obtained, and thenetwork operating environment is insecure, it is determined that thepreset condition is not met. That the UE is rooted means that ahighest-level right of the UE is changed. That the UE is unrooted meansthat the right of the UE is consistent with a right provided atdelivery, and a highest-level right is not changed. That the operationright is obtained means that the UE can be operated, and can be normallyused.

In one embodiment, the communication link is a hyper text transferprotocol over secure socket layer (HTTPS) transmission channel, and theuser equipment initiates an HTTPS connection request to the GW-U IPAddress for GW-T by using a preset key. When receiving the request, thegateway user plane decrypts the request by using the preset key, andsends an HTTPS connection response to the user equipment, so as toestablish the communication link between the user equipment and thegateway user plane.

In one embodiment, the communication link is another secure socketslayer (SSL) transmission channel, and the user equipment initiates aconnection request to the GW-U IP Address for GW-T by using a presetkey. When receiving the request, the gateway user plane decrypts therequest by using the preset key, and sends a connection response to theuser equipment, so as to establish the communication link between theuser equipment and the gateway user plane.

Both the HTTPS transmission channel and the SSL transmission channel aresecure and reliable transmission channels, and another secure andreliable transmission channel may also be used.

Operation S103: The user equipment sends a session connection createrequest message to the gateway user plane by using the communicationlink, where the session connection create request message includesauthentication information of the gateway terminal module of the userequipment.

Specifically, the user equipment sends the session connection createrequest message to the gateway user plane by using the communicationlink, where the session connection create request message includes theauthentication information of the gateway terminal module of the userequipment. The authentication information of the gateway terminal moduleof the user equipment includes information such as an identifier of theGW-T module and keyword information (an authorization/authenticationkeyword), and is used by the gateway user plane to trigger a gatewaycontrol plane to request an authentication server to performauthentication on the GW-T module of the user equipment.

The session connection create request message further includes featureattribute information of the user equipment, and the feature attributeinformation of the user equipment includes information such as a mobilestation integrated services digital network number (MSISDN) and aninternational mobile subscriber identity (IMSI). The MSISDN and the IMSIare used to identify the user equipment.

The authentication information of the gateway terminal module of theuser equipment may be bound to the feature attribute information of theuser equipment, and whether the binding is performed is determined by anoperator. In one embodiment, the user equipment encrypts the sessionconnection create request message by using the preset key, or encryptsthe authentication information of the gateway terminal module of theuser equipment and the feature attribute information of the userequipment by using the preset key, to ensure transmission security.

Operation S104: The gateway user plane receives the session connectioncreate request message by using the communication link.

Specifically, the gateway user plane receives the session connectioncreate request message by using the communication link, and parses thesession connection create request message to obtain the authenticationinformation of the gateway terminal module of the user equipment. If thesession connection create request message is encrypted by using thepreset key, the gateway user plane decrypts the session connectioncreate request message by using the preset key, and parses theauthentication information of the gateway terminal module of the userequipment. If the session connection create request message furtherincludes the feature attribute information of the user equipment, thegateway user plane parses the feature attribute information. If theauthentication information of the gateway terminal module of the userequipment and the feature attribute information of the user equipmentare encrypted by using the preset key, the gateway user plane decryptsthe authentication information and the feature attribute information byusing the preset key, and parses the authentication information and thefeature attribute information.

Operation S105: The gateway user plane sends a first authenticationrequest message to the gateway control plane, where the firstauthentication request message includes the authentication informationof the gateway terminal module of the user equipment.

Specifically, when the gateway user plane and the gateway control planeare separately deployed, the first authentication request messagefurther includes a session identifier, and the session identifier is asession identifier of an Sx session, and is used to identify the gatewayuser plane and the gateway control plane that establish the Sx session.A plurality of gateway user planes and a plurality of gateway controlplanes may exist in a system architecture shown in FIG. 2, and the Sxsession identifier is used to distinguish different gateway user planesconnected to gateway control planes.

The first authentication request message further includes the featureattribute information of the user equipment.

Operation S106: The gateway control plane receives the firstauthentication request message.

Specifically, the gateway control plane receives the firstauthentication request message, and parses the first authenticationrequest message.

Operation S107: The gateway control plane sends a second authenticationrequest message to the authentication server, where the secondauthentication request message includes the authentication informationof the gateway terminal module of the user equipment.

Specifically, the gateway control plane constructs a secondauthentication request message based on a parsing result, and sends thesecond authentication request message to the authentication server. Thesecond authentication request message includes the authenticationinformation of the gateway terminal module of the user equipment. Whenthe gateway user plane and the gateway control plane are separatelydeployed, the second authentication request message further includes thesession identifier.

The second authentication request message further includes the featureattribute information of the user equipment.

Operation S108: The authentication server receives the secondauthentication request message, and performs authentication on thegateway terminal module of the user equipment.

Specifically, the authentication server receives the secondauthentication request message, parses the second authentication requestmessage to obtain the authentication information of the gateway terminalmodule of the user equipment, and performs authentication on the gatewayterminal module of the user equipment based on the authenticationinformation of the gateway terminal module of the user equipment.

Operation S109: The authentication server sends a second authenticationresponse message to the gateway control plane, where the secondauthentication response message includes an authentication result.

Specifically, the authentication server performs authentication on thegateway terminal module of the user equipment to obtain theauthentication result, and the authentication result is that theauthentication succeeds or fails. After obtaining the authenticationresult, the authentication server sends the second authenticationresponse message to the gateway control plane, and the secondauthentication response message includes the authentication result.

The second authentication response message further includes the featureattribute information of the user equipment.

Operation S110: The gateway control plane receives the secondauthentication response message.

Specifically, the gateway control plane receives the secondauthentication response message sent by the authentication server.

Operation S111: The gateway control plane sends a first authenticationresponse message to the gateway user plane, where the firstauthentication response message includes the authentication result.

Specifically, regardless of whether the authentication succeeds orfails, the gateway control plane sends, to the gateway user plane, thefirst authentication response message that carries the authenticationresult.

The first authentication response message further includes the featureattribute information of the user equipment.

Operation S112: The gateway user plane receives the first authenticationresponse message.

Specifically, when the gateway user plane and the gateway control planeare separately deployed, the gateway user plane receives, through the Sxsession connection, the first authentication response message sent bythe gateway control plane.

Operation S113: The gateway user plane sends a session connection createresponse message to the user equipment, where the session connectioncreate response message includes the authentication result.

Specifically, the gateway user plane sends the session connection createresponse message to the user equipment by using the communication link,the session connection create response message includes theauthentication result, and the authentication result is used to notifythe user equipment whether the authentication succeeds. Theauthentication result or the session connection create response messageis sent after being encrypted.

The session connection create response message further includes thefeature attribute information of the user equipment.

Operation S114: The user equipment receives the session connectioncreate response message.

Specifically, the user equipment receives, by using the communicationlink, the session connection create response message sent by the gatewayuser plane.

Operation S115: If the authentication result is that the authenticationsucceeds, the gateway control plane sends service policy information tothe gateway user plane.

Specifically, when the gateway terminal module of the user equipment isauthenticated, the gateway control plane sends the service policyinformation to the gateway user plane. The service policy informationmay be carried in the first authentication response message, or may notbe carried in the first authentication response message, that is, theservice policy information is sent after the first authenticationresponse message is sent.

In a possible implementation, the service policy information includes atleast one current network slice connection policy, the at least onecurrent network slice connection policy is at least one original networkslice connection policy or at least one updated network slice connectionpolicy, and a network slice connection policy is used to indicate asession connection relationship between an application identifier and anetwork slice. The network slice connection policy includes acorrespondence among an application identifier, an access type, and anaccess point name (APN), and reflects the session connectionrelationship between an application identifier and a network slice. Inother words, a specific application is connected to a specific accesspoint by using a specific access type.

In a possible implementation, the service policy information includes atleast one service charging and control policy, and a service chargingand control policy is used to indicate a correspondence between anapplication identifier and a charging and control policy. The servicecharging and control policy includes a correspondence between anapplication identifier and information such as a service identifier, arating group, and quality of service (QoS), and reflects thecorrespondence between an application identifier and a charging andcontrol policy. In other words, a specific application is charged andcontrolled by using a specific policy.

Two types of policies included in the service policy information do notconstitute a limitation on Embodiment 1 of the present disclosure, andthe service policy information may further include another type ofpolicy.

It should be noted that operation S115 and operation S111 may besimultaneously performed. To be specific, when the gateway terminalmodule of the user equipment is authenticated, the gateway control planesimultaneously sends the first authentication response message and theservice policy information to the gateway user plane, or the firstauthentication response message sent by the gateway control plane to thegateway user plane carries both the authentication result and theservice policy information. Alternatively, operation S115 may beperformed after operation S111. To be specific, the authenticationresponse message is sent first, and the service policy information issent when the gateway terminal module of the user equipment isauthenticated.

Operation S116: The gateway user plane receives the service policyinformation.

Specifically, when the authentication result is that the authenticationsucceeds, the gateway user plane receives the service policy informationsent by the gateway control plane, and caches the service policyinformation.

Likewise, when the authentication result is that the authenticationsucceeds, operation S116 and operation S112 may be simultaneouslyperformed.

Operation S117: The gateway user plane sends the service policyinformation to the user equipment.

Specifically, the gateway user plane sends the service policyinformation to the user equipment by using the communication link. Theservice policy information is sent after being encrypted.

Likewise, when the authentication result is that the authenticationsucceeds, operation S117 and operation S113 may be simultaneouslyperformed.

Operation S118: The user equipment receives the service policyinformation.

Specifically, when the authentication result is that the authenticationsucceeds, the user equipment receives the service policy informationsent by the gateway user plane.

Likewise, when the authentication result is that the authenticationsucceeds, operation S118 and operation S114 may be simultaneouslyperformed.

Operation S119: The user equipment performs service management based onthe service policy information.

In a possible implementation, the user equipment obtains an applicationidentifier of a current application; searches, for a network slicecorresponding to the application identifier of the current application,the at least one current network slice connection policy that is sent bythe gateway user plane by using the communication link; and establishesa session connection and performs service access based on the foundnetwork slice. For example, the user equipment obtains an applicationidentifier of a current Internet of Things application, searches the atleast one current network slice connection policy for a correspondingnetwork slice, namely, a corresponding access type and access pointname, initiates a session connection for the access point name based onthe access type, and performs service access after establishing thesession connection. In the possible implementation, the UE mayindependently select the network slice to perform the session connectionand the service access, thereby reducing processing pressure of a corenetwork device, and improving a processing capability of the UE.

In a possible implementation, the user equipment obtains an applicationidentifier of a current application that accesses a data service;searches, for a charging and control policy corresponding to theapplication identifier of the current application, the at least oneservice charging and control policy that is sent by the gateway userplane by using the communication link; and collects statistics aboutdata traffic and performs access control based on the found charging andcontrol policy. The access control includes QoS control, remarking adifferentiated services code point (DSCP) value of an uplink servicepacket, and the like. For example, the current application used by theuser equipment to access a data service is a social application, anapplication identifier of the social application is obtained, and the atleast one service charging and control policy is searched for a chargingand control policy corresponding to the application identifier of thesocial application, and statistics about data traffic are collected andaccess control is performed based on the charging and control policy. Inother words, statistics about traffic used by the social application arecollected, and control is performed depending on usage. After thestatistics are collected, the user equipment periodically sends a usagereport request message to the gateway user plane by using thecommunication link, where the usage report request message includes thefeature attribute information of the user equipment and statistics abouttraffic usage for an application, the usage report request message isused to request the gateway user plane to generate an online or offlinecall detail record and feed back a usage report confirmation message,and the usage report confirmation message is used to indicate that thegateway user plane has confirmed the statistics about traffic usage foran application. The statistics about traffic usage for an applicationinclude a statistics result of the traffic usage for the application, aservice identifier, and a rating group.

When the service policy information includes another type of policy, theuser equipment performs corresponding service management based on aspecific policy.

In Embodiment 1 shown in FIG. 5A, FIG. 5B, and FIG. 5C, the userequipment obtains the communication address of the gateway user plane,establishes the communication link to the gateway user plane, and sends,to the gateway user plane by using the communication link, the sessionconnection create request message that carries the authenticationinformation of the gateway terminal module of the user equipment. Whenreceiving the session connection create request message, the gatewayuser plane sends the authentication request message to the gatewaycontrol plane, and the authentication request message is used to triggerthe gateway control plane to request the authentication server toperform authentication on the gateway terminal module of the userequipment. The authentication server performs authentication on thegateway terminal module of the user equipment, and feeds back theauthentication result to the gateway control plane. When receiving theauthentication result, the gateway control plane adds the authenticationresult to the authentication response message and sends theauthentication response message to the gateway user plane, and thegateway user plane adds the authentication result to the sessionconnection create response message and sends the session connectioncreate response message to the user equipment. If the authenticationresult is that the authentication succeeds, the gateway control planesends the service policy information to the gateway user plane, thegateway user plane sends the service policy information to the userequipment, and the user equipment performs service management based onthe service policy information, so that the user equipment performsservice management, a participation level of the user equipment can beincreased, and a service management capability of the user equipment canbe improved.

FIG. 6A, FIG. 6B, and FIG. 6C are a schematic communication diagram of aservice management method according to Embodiment 2 of the presentdisclosure. An AAA shown in Embodiment 2 is an authentication server.The method includes, but is not limited to, the following operations.

Operation S201: UE obtains a GW-U IP Address for GW-T.

Operation S202: The UE establishes a communication link to a GW-U.

Operation S203: The UE sends a session connection create request message(authentication information of the GW-T of the UE) to the GW-U.

The session connection create request message further includes featureattribute information of the UE, and the feature attribute informationof the UE includes information such as an MSISDN, an IMSI, and keywordinformation.

Operation S204: The GW-U receives the session connection create requestmessage.

Operation S205: The GW-U sends a first authentication request message(the authentication information of the GW-T of the UE) to a GW-C.

The first authentication request message further includes the featureattribute information of the UE.

Operation S206: The GW-C receives the first authentication requestmessage.

Operation S207: The GW-C sends a second authentication request message(the authentication information of the GW-T of the UE) to the AAA.

The second authentication request message further includes the featureattribute information of the UE.

Operation S208: The AAA receives the second authentication requestmessage, and performs authentication on a GW-T module of the UE.

Operation S209: The AAA sends a second authentication response message(an authentication result) to the GW-C.

The second authentication response message further includes the featureattribute information of the UE.

Operation S210: The GW-C receives the second authentication responsemessage.

Operation S211: The GW-C sends a first authentication response message(the authentication result) to the GW-U.

The first authentication response message further includes the featureattribute information of the UE.

Operation S212: The GW-U receives the first authentication responsemessage.

Operation S213: The GW-U sends a session connection create responsemessage (the authentication result) to the UE.

The session connection create response message further includes thefeature attribute information of the UE.

Operation S214: The UE receives the session connection create responsemessage.

For a specific process of operation S201 to operation S214, refer to thespecific description of operation S101 to operation S114 in Embodiment 1shown in FIG. 3. Details are not described herein again.

Operation S215: If the authentication result is that the authenticationsucceeds, the GW-C sends at least one network slice connection policy tothe GW-U.

The at least one network slice connection policy is the at least oneoriginal network slice connection policy in Embodiment 1. A networkslice connection policy is used to indicate a session connectionrelationship between an application identifier and a network slice. Thenetwork slice connection policy includes a correspondence among anapplication identifier, an access type, and an APN, and reflects thesession connection relationship between an application identifier and anetwork slice. In other words, a specific application is connected to aspecific access point by using a specific access type.

Operation S216: The GW-U receives the at least one network sliceconnection policy.

Operation S217: The GW-U sends the at least one network slice connectionpolicy to the UE.

Operation S218: The UE receives the at least one network sliceconnection policy.

Specifically, the UE receives and caches the at least one network sliceconnection policy.

Operation S219: The UE obtains an application identifier of a currentapplication.

The current application is an SLA application that is running on the UE,such as an AR application, an Internet of Things application, a remotemedical treatment application, or a self-driving application, and the UEobtains the application identifier of the current application, that is,determines the application identifier of the application that isrunning. There may be one or more current applications. This isdetermined depending on a specific case.

Operation S220: The UE searches the at least one network sliceconnection policy for a network slice corresponding to the applicationidentifier of the current application.

Specifically, the UE searches the at least one network slice connectionpolicy for the network slice corresponding to the application identifierof the current application, that is, determines an access type and anAPN that correspond to the current application identifier.

Operation S221: The UE establishes a session connection and performsservice access based on the found network slice.

Specifically, the UE establishes the session connection to the APN basedon the found access type and APN that correspond to the currentapplication, and performs service access on the APN.

In Embodiment 2 shown in FIG. 6A, FIG. 6B, and FIG. 6C, the UE selects,based on the at least one network slice connection policy sent by theGW-U, the network slice corresponding to the application identifier ofthe current application, establishes the session connection, andperforms service access, so that the UE dynamically and independentlyselects a network slice connection policy, thereby increasing aparticipation level of the UE and improving a processing capability ofthe UE.

FIG. 7 is a schematic communication diagram of a service managementmethod according to Embodiment 3 of the present disclosure. In anapplication scenario of Embodiment 3, UE has been authenticated andobtains at least one original network slice connection policy, and aGW-C updates the at least one original network slice connection policybased on an adjustment of a network slice deployment architecture. Themethod includes, but is not limited to, the following operations.

Operation S301: The GW-C updates the at least one original network sliceconnection policy to obtain at least one updated network sliceconnection policy.

In an update process, the GW-C adjusts network slices corresponding tosome application identifiers.

Operation S302: The GW-C sends a session modification request message(the at least one updated network slice connection policy) to a GW-U.

The session modification request message (Sx Session ModificationRequest) further includes feature attribute information of the UE.

Operation S303: The GW-U receives the session modification requestmessage.

Operation S304: The GW-U sends a session connection update requestmessage (the at least one updated network slice connection policy) tothe UE.

The session connection update request message further includes thefeature attribute information of the UE and an authentication result.

Operation S305: The UE receives the session connection update requestmessage.

Specifically, the UE receives the session connection update requestmessage, and caches the at least one updated network slice connectionpolicy.

Operation S306: The UE sends a session connection update responsemessage to the GW-U.

The session connection update response message is used to notify theGW-U that the UE has updated the at least one original network sliceconnection policy.

Operation S307: The UE obtains an application identifier of a currentapplication.

Operation S308: The UE searches the at least one updated network sliceconnection policy for a network slice corresponding to the applicationidentifier of the current application.

Operation S309: The UE establishes a session connection and performsservice access based on the found network slice.

In Embodiment 3 shown in FIG. 7, after updating the at least oneoriginal network slice connection policy, the GW-C sends the at leastone updated network slice connection policy to the GW-U, the GW-Udelivers the at least one updated network slice connection policy to theUE, and the UE performs service management based on the at least oneupdated network slice connection policy.

FIG. 8A, FIG. 8B, and FIG. 8C are a schematic communication diagram of aservice management method according to Embodiment 4 of the presentdisclosure. The method includes, but is not limited to, the followingoperations.

Operation S401: UE obtains a GW-U IP Address for GW-T.

Operation S402: The UE establishes a communication link to a GW-U.

Operation S403: The UE sends a session connection create request message(authentication information of the GW-T of the UE) to the GW-U.

Operation S404: The GW-U receives the session connection create requestmessage.

Operation S405: The GW-U sends a first authentication request message(the authentication information of the GW-T of the UE) to a GW-C.

Operation S406: The GW-C receives the first authentication requestmessage.

Operation S407: The GW-C sends a second authentication request message(a session identifier of the authentication information of the GW-T ofthe UE) to an AAA.

Operation S408: The AAA receives the second authentication requestmessage.

Operation S409: The AAA sends a second authentication response message(an authentication result) to the GW-C.

Operation S410: The GW-C receives the second authentication responsemessage.

Operation S411: The GW-C sends a first authentication response message(the authentication result) to the GW-U.

Operation S412: The GW-U receives the first authentication responsemessage.

Operation S413: The GW-U sends a session connection create responsemessage (the authentication result) to the UE.

Operation S414: The UE receives the session connection create responsemessage.

Operation S415: If the authentication result is that the authenticationsucceeds, the GW-C sends at least one service charging and controlpolicy to the GW-U.

Specifically, a service charging and control policy includes acorrespondence between an application identifier and information such asa service identifier, a rating group, and QoS, and reflects acorrespondence between an application identifier and a charging andcontrol policy. In other words, a specific application is charged andcontrolled by using a specific policy.

Operation S416: The GW-U receives the at least one service charging andcontrol policy.

Operation S417: The GW-U sends the at least one service charging andcontrol policy to the UE.

Operation S418: The UE receives the at least one service charging andcontrol policy.

Operation S419: The UE obtains an application identifier of a currentapplication that accesses a data service.

The current application that accesses a data service is an applicationthat is running on the UE and that needs to connect to a network or usedata traffic, and may include a social application, a shoppingapplication, an audio application, a video application, and the like.

Operation S420: The UE searches the at least one service charging andcontrol policy for a charging and control policy corresponding to theapplication identifier of the current application.

Operation S421: The UE collects statistics about data traffic andperforms access control based on the found charging and control policy.

Specifically, after collecting the statistics about the data traffic,the UE periodically sends a usage report request message to the GW-U,where the usage report request message includes the feature attributeinformation of the UE and statistics about traffic usage for anapplication. The usage report request message is used to request theGW-U to generate an online or offline call detail record for the UE andfeed back a usage report confirmation message, and the usage reportconfirmation message is used to indicate that the GW-U has confirmed thestatistics about traffic usage for an application. The statistics abouttraffic usage for an application include a statistics result of thetraffic usage for the application, a service identifier, and a ratinggroup.

In Embodiment 3 shown in FIG. 8A, FIG. 8B, and FIG. 8C, the UEdetermines, based on the at least one service charging and controlpolicy sent by the GW-U, the charging and control policy correspondingto the application identifier of the current application, and collectsthe statistics about the data traffic and performs access control, sothat the UE collects the statistics about the data traffic and performsaccess control, thereby increasing a participation level of the UE andimproving a processing capability of the UE.

It should be noted that the embodiments shown in FIG. 5A to FIG. 8Cdescribe the case in which the gateway user plane and the gatewaycontrol plane are separately deployed. If the gateway user plane and thegateway control plane are deployed in an integrated manner, a process ofinteraction between the gateway user plane and the gateway control planemay be an internal operation of a device deployed in the integratedmanner, and parts shown by dashed lines may not be presented in theschematic communication diagrams.

FIG. 9 is a schematic structural diagram of another user equipmentaccording to an embodiment of the present disclosure. User equipment 501shown in FIG. 9 includes an obtaining unit 5011, an establishment unit5012, a sending unit 5013, a receiving unit 5014, and a management unit5015.

The obtaining unit 5011 is configured to obtain a communication addressof a gateway user plane.

The establishment unit 5012 is configured to establish a communicationlink to the gateway user plane by using the communication address.

The sending unit 5013 is configured to send a session connection createrequest message to the gateway user plane by using the communicationlink, where the session connection create request message includesauthentication information of a gateway terminal module of the userequipment, and the authentication information of the gateway terminalmodule of the user equipment is used by the gateway user plane totrigger a gateway control plane to request an authentication server toperform authentication on the gateway terminal module of the userequipment.

The receiving unit 5014 is configured to receive, by using thecommunication link, a session connection create response message sent bythe gateway user plane, where the session connection create responsemessage includes an authentication result.

The management unit 5015 is configured to: if the authentication resultis that the authentication succeeds, perform service management based onservice policy information that is sent by the gateway user plane byusing the communication link.

It should be noted that the obtaining unit 5011 is configured to performoperation S101 in Embodiment 1 shown in FIG. 5A, the establishment unit5012 is configured to perform operation S102 in Embodiment 1 shown inFIG. 5A, the sending unit 5013 is configured to perform operation S103in Embodiment 1 shown in FIG. 5A, the receiving unit 5014 is configuredto perform operations S114 and S118 in Embodiment 1 shown in FIG. 5C,and the management unit 5015 is configured to perform operation S119 inEmbodiment 1 shown in FIG. 5C. The obtaining unit 5011, theestablishment unit 5012, and the management unit 5015 may be theprocessor 1011 of the user equipment shown in FIG. 3. The sending unit5013 and the receiving unit 5014 may be the transceiver 1012 of the userequipment shown in FIG. 3.

FIG. 10 is a schematic structural diagram of another gateway user planeaccording to an embodiment of the present disclosure. A gateway userplane 601 shown in FIG. 10 includes a receiving unit 6011 and a sendingunit 6012.

The receiving unit 6011 is configured to receive, by using acommunication link, a session connection create request message sent byuser equipment, where the session connection create request messageincludes authentication information of a gateway terminal module of theuser equipment, and the communication link is a link established by theuser equipment to the gateway user plane by using an obtainedcommunication address of the gateway user plane.

The sending unit 6012 is configured to send an authentication requestmessage to a gateway control plane, where the authentication requestmessage includes the authentication information of the gateway terminalmodule of the user equipment, and the authentication request message isused to trigger the gateway control plane to request an authenticationserver to perform authentication on the gateway terminal module of theuser equipment.

The receiving unit 6011 is further configured to receive anauthentication response message sent by the gateway control plane.

The sending unit 6012 is further configured to send a session connectioncreate response message to the user equipment by using the communicationlink, where the authentication response message and the sessionconnection create response message include an authentication result.

The receiving unit 6011 is further configured to: if the authenticationresult is that the authentication succeeds, receive service policyinformation sent by the gateway control plane.

The sending unit 6012 is further configured to send the service policyinformation to the user equipment by using the communication link, wherethe service policy information is used by the user equipment to performservice management based on the service policy information.

It should be noted that the receiving unit 6011 is configured to performoperations S104, S112, and S116 in Embodiment 1 shown in FIG. 5A, FIG.5B, and FIG. 5C, and the sending unit 6012 is configured to performoperations S105, S113, and S117 in Embodiment 1 shown in FIG. 5A andFIG. 5C. The receiving unit 6011 and the sending unit 6012 may be thetransceiver 1022 of the gateway user plane shown in FIG. 4.

Methods or algorithm operations described in combination with thecontent disclosed in the embodiments of the present disclosure may beimplemented by hardware, or may be implemented by a processor byexecuting a software instruction. The software instruction may include acorresponding software module. The software module may be stored in arandom access memory (RAM), a flash memory, a read only memory (ROM), anerasable programmable read only memory (Erasable Programmable ROM,EPROM), an electrically erasable programmable read only memory(Electrically EPROM, EEPROM), a register, a hard disk, a removable harddisk, a compact disc read only memory (CD-ROM), or any other form ofstorage medium well-known in the art. For example, a storage medium iscoupled to a processor, so that the processor can read information fromthe storage medium or write information into the storage medium.Certainly, the storage medium may be alternatively a component of theprocessor. The processor and the storage medium may be located in anASIC. In addition, the ASIC may be located in a first management unit ora second management unit. Certainly, the processor and the storagemedium may alternatively exist in a first management unit or a secondmanagement unit as discrete components.

A person skilled in the art should be aware that in the foregoing one ormore examples, functions described in the embodiments of the presentdisclosure may be implemented by hardware, software, firmware, or anycombination thereof. When the present disclosure is implemented bysoftware, the foregoing functions may be stored in a computer-readablemedium or transmitted as one or more instructions or code in thecomputer-readable medium. The computer-readable medium includes acomputer storage medium and a communications medium, where thecommunications medium includes any medium that enables a computerprogram to be transmitted from one place to another. The storage mediummay be any available medium accessible to a general-purpose or dedicatedcomputer.

In the foregoing specific implementations, the objectives, technicalsolutions, and beneficial effects of the embodiments of the presentdisclosure are further described in detail. It should be understood thatthe foregoing descriptions are merely specific implementations of theembodiments of the present disclosure, but are not intended to limit theprotection scope of the embodiments of the present disclosure. Anymodification, equivalent replacement, or improvement made based on thetechnical solutions of the embodiments of the present disclosure shallfall within the protection scope of the embodiments of the presentdisclosure.

What is claimed is:
 1. A service management method, comprising:obtaining, by user equipment, a communication address of a gateway userplane, and establishing a communication link to the gateway user planeby using the communication address; sending, by the user equipment, asession connection create request message to the gateway user plane byusing the communication link, wherein the session connection createrequest message comprises authentication information of a gatewayterminal module of the user equipment, and the authenticationinformation of the gateway terminal module of the user equipment is usedby the gateway user plane to trigger a gateway control plane to requestan authentication server to perform authentication on the gatewayterminal module of the user equipment; receiving, by the user equipmentby using the communication link, a session connection create responsemessage sent by the gateway user plane, wherein the session connectioncreate response message comprises an authentication result; and if theauthentication result is that the authentication succeeds, performing,by the user equipment, service management based on service policyinformation that is sent by the gateway user plane by using thecommunication link.
 2. The method according to claim 1, wherein theservice policy information comprises at least one current network sliceconnection policy, the at least one current network slice connectionpolicy is at least one original network slice connection policy or atleast one updated network slice connection policy, and a network sliceconnection policy is used to indicate a session connection relationshipbetween an application identifier and a network slice; and theperforming, by the user equipment, service management based on servicepolicy information that is sent by the gateway user plane by using thecommunication link comprises: obtaining, by the user equipment, anapplication identifier of a current application; searching, by the userequipment for a network slice corresponding to the applicationidentifier of the current application, the at least one current networkslice connection policy that is sent by the gateway user plane by usingthe communication link; and establishing, by the user equipment, asession connection and performing service access based on the foundnetwork slice.
 3. The method according to claim 2, wherein the at leastone current network slice connection policy is the at least one updatednetwork slice connection policy; and before the performing, by the userequipment, service management based on service policy information thatis sent by the gateway user plane by using the communication link, themethod further comprises: sending, by the user equipment, a sessionconnection update response message to the gateway user plane by usingthe communication link, wherein the session connection update responsemessage is used to indicate that the user equipment has updated the atleast one original network slice connection policy.
 4. The methodaccording to claim 1, wherein the service policy information comprisesat least one service charging and control policy, and a service chargingand control policy is used to indicate a correspondence between anapplication identifier and a charging and control policy; and theperforming, by the user equipment, service management based on servicepolicy information that is sent by the gateway user plane by using thecommunication link comprises: obtaining, by the user equipment, anapplication identifier of a current application that accesses a dataservice; searching, by the user equipment for a charging and controlpolicy corresponding to the application identifier of the currentapplication, the at least one service charging and control policy thatis sent by the gateway user plane by using the communication link; andcollecting, by the user equipment, statistics about data traffic andperforming access control based on the found charging and controlpolicy.
 5. The method according to claim 4, wherein after theperforming, by the user equipment, service management based on servicepolicy information that is sent by the gateway user plane by using thecommunication link, the method further comprises: periodically sending,by the user equipment, a usage report request message to the gatewayuser plane by using the communication link, wherein the usage reportrequest message comprises feature attribute information of the userequipment and statistics about traffic usage for an application, theusage report request message is used to request the gateway user planeto generate an online or offline call detail record and feed back ausage report confirmation message, and the usage report confirmationmessage is used to indicate that the gateway user plane has confirmedthe statistics about traffic usage for an application.
 6. The methodaccording to claim 1, wherein the obtaining, by user equipment, acommunication address of a gateway user plane comprises: obtaining, bythe user equipment, the communication address of the gateway user planebased on an attach response message sent by an access network gateway,wherein the attach response message comprises the communication addressof the gateway user plane; or obtaining, by the user equipment, thecommunication address of the gateway user plane based onpreconfiguration information of the user equipment; or obtaining, by theuser equipment, the communication address of the gateway user plane in aconfiguration manner selected by a user.
 7. The method according toclaim 1, wherein before the establishing, by user equipment, acommunication link to the gateway user plane by using the communicationaddress, the method further comprises: detecting, by the user equipment,whether the gateway terminal module of the user equipment, a right ofthe user equipment, and a network operating environment meet a presetcondition; and if a detection result is yes, performing, by the userequipment, the operation of establishing a communication link to thegateway user plane by using the communication address.
 8. Userequipment, comprising a processor and a transceiver, wherein theprocessor is configured to: obtain a communication address of a gatewayuser plane, and establish a communication link to the gateway user planeby using the communication address; the transceiver is configured tosend a session connection create request message to the gateway userplane by using the communication link, wherein the session connectioncreate request message comprises authentication information of a gatewayterminal module of the user equipment, and the authenticationinformation of the gateway terminal module of the user equipment is usedby the gateway user plane to trigger a gateway control plane to requestan authentication server to perform authentication on the gatewayterminal module of the user equipment; the transceiver is furtherconfigured to receive, by using the communication link, a sessionconnection create response message sent by the gateway user plane,wherein the session connection create response message comprises anauthentication result; and if the authentication result is that theauthentication succeeds, the processor is further configured to performservice management based on service policy information that is sent bythe gateway user plane by using the communication link.
 9. The userequipment according to claim 8, wherein the service policy informationcomprises at least one current network slice connection policy, the atleast one current network slice connection policy is at least oneoriginal network slice connection policy or at least one updated networkslice connection policy, and a network slice connection policy is usedto indicate a session connection relationship between an applicationidentifier and a network slice; and the processor is specificallyconfigured to: obtain an application identifier of a currentapplication; search, for a network slice corresponding to theapplication identifier of the current application, the at least onecurrent network slice connection policy that is sent by the gateway userplane by using the communication link; and establish a sessionconnection and perform service access based on the found network slice.10. The user equipment according to claim 9, wherein the at least onecurrent network slice connection policy is the at least one updatednetwork slice connection policy; and the transceiver is furtherconfigured to send a session connection update response message to thegateway user plane by using the communication link, wherein the sessionconnection update response message is used to indicate that the userequipment has updated the at least one original network slice connectionpolicy.
 11. The user equipment according to claim 8, wherein the servicepolicy information comprises at least one service charging and controlpolicy, and a service charging and control policy is used to indicate acorrespondence between an application identifier and a charging andcontrol policy; and the processor is specifically configured to: obtainan application identifier of a current application that accesses a dataservice; search, for a charging and control policy corresponding to theapplication identifier of the current application, the at least oneservice charging and control policy that is sent by the gateway userplane by using the communication link; and collect statistics about datatraffic and perform access control based on the found charging andcontrol policy.
 12. The user equipment according to claim 11, whereinthe transceiver is further configured to periodically send a usagereport request message to the gateway user plane by using thecommunication link, wherein the usage report request message comprisesfeature attribute information of the user equipment and statistics abouttraffic usage for an application, the usage report request message isused to request the gateway user plane to generate an online or offlinecall detail record and feed back a usage report confirmation message,and the usage report confirmation message is used to indicate that thegateway user plane has confirmed the statistics about traffic usage foran application.
 13. The user equipment according to claim 8, wherein theprocessor is specifically configured to: obtain the communicationaddress of the gateway user plane based on an attach response messagesent by an access network gateway, wherein the attach response messagecomprises the communication address of the gateway user plane; or obtainthe communication address of the gateway user plane based onpreconfiguration information of the user equipment; or obtain thecommunication address of the gateway user plane in a configurationmanner selected by a user.
 14. The user equipment according to claim 8,wherein the processor is further configured to detect whether thegateway terminal module of the user equipment, a right of the userequipment, and a network operating environment meet a preset condition;and if a detection result is yes, the transceiver performs the operationof establishing a communication link to the gateway user plane by usingthe communication address.
 15. A gateway user plane, comprising aprocessor and a transceiver, wherein the transceiver is configured toreceive, by using a communication link, a session connection createrequest message sent by user equipment, wherein the session connectioncreate request message comprises authentication information of a gatewayterminal module of the user equipment, and the communication link is alink established by the user equipment to the gateway user plane byusing an obtained communication address of the gateway user plane; thetransceiver is further configured to send an authentication requestmessage to a gateway control plane, wherein the authentication requestmessage comprises the authentication information of the gateway terminalmodule of the user equipment, and the authentication request message isused to trigger the gateway control plane to request an authenticationserver to perform authentication on the gateway terminal module of theuser equipment; the transceiver is further configured to: receive anauthentication response message sent by the gateway control plane, andsend a session connection create response message to the user equipmentby using the communication link, wherein the authentication responsemessage and the session connection create response message comprise anauthentication result; and if the authentication result is that theauthentication succeeds, the transceiver is further configured to:receive service policy information sent by the gateway control plane,and send the service policy information to the user equipment by usingthe communication link, wherein the service policy information is usedby the user equipment to perform service management based on the servicepolicy information.
 16. The gateway user plane according to claim 15,wherein the service policy information comprises at least one currentnetwork slice connection policy, the at least one current network sliceconnection policy is at least one original network slice connectionpolicy or at least one updated network slice connection policy, and anetwork slice connection policy is used to indicate a session connectionrelationship between an application identifier and a network slice. 17.The gateway user plane according to claim 16, wherein the at least onecurrent network slice connection policy is the at least one updatednetwork slice connection policy; and the transceiver is furtherconfigured to receive, by using the communication link, a sessionconnection update response message sent by the user equipment, whereinthe session connection update response message is used to indicate thatthe user equipment has updated the at least one original network sliceconnection policy.
 18. The gateway user plane according to claim 15,wherein the service policy information comprises at least one servicecharging and control policy, and a service charging and control policyis used to indicate a correspondence between an application identifierand a charging and control policy.
 19. The gateway user plane accordingto claim 18, wherein the transceiver is further configured to receive,by using the communication link, a usage report request messageperiodically sent by the user equipment, wherein the usage reportrequest message comprises feature attribute information of the userequipment and statistics about traffic usage for an application; and theprocessor is configured to: generate an online or offline call detailrecord based on the usage report request message and feed back a usagereport confirmation message to the user equipment by using thecommunication link, wherein the usage report confirmation message isused to indicate that the gateway user plane has confirmed thestatistics about traffic usage for an application.
 20. The gateway userplane according to claim 15, wherein the session connection createrequest message further comprises the feature attribute information ofthe user equipment, and the feature attribute information of the userequipment comprises an MSISDN and an IMSI.